OpenVMS Encryption - VMS

This is a discussion on OpenVMS Encryption - VMS ; Hi, There have been some recent postings regarding Encryption for OpenVMS. I provide the following to set the facts straight. The former VAX Encryption for OpenVMS (single DES) was updated with the AES encryption algorithm, (Encrypt-AES V2.0) and introduced into ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: OpenVMS Encryption

  1. OpenVMS Encryption

    Hi,

    There have been some recent postings regarding Encryption for OpenVMS. I
    provide the following to set the facts straight.

    The former VAX Encryption for OpenVMS (single DES) was updated with the AES
    encryption algorithm, (Encrypt-AES V2.0) and introduced into (integrated
    with) the OpenVMS version V8.3 operating system. The standard NIST AES 16
    byte block, 128, 192, or 256 bit keys with ECB and CBC block modes, and CFB
    and OFB byte stream modes are optionally avaliable, 128 bit AES CBC
    (/key_alg=AESCBC128 /data_alg=AESCBC128) is the default for AES, DES CBC if
    not specified.
    The encryption library utilized is from SSL (which is also shipped with
    OpenVMS). Although its single block I/O file encryption design hasn't been
    changed from the original design during the late 70's and early 80's was
    very slow.

    Since that time, we have improved Encrypt's I/O performance by a factor of
    35 to 40x faster (using multiple buffer, aggregated writes, pre-allocation
    and larger read-ahead). This was part of Encrypt version V2.1 that was
    released with OpenVMS version V8.3-1H1 and later. We also made this latest
    version work with 2 terabyte file sizes, and fixed a few bugs.


    1 GB File using V8.3 Image without Fix
    --------------------------------------
    $ encrypt $80$DKB400:[TEST]Z. des /out=$80$DKB400:[TEST]z.enc
    $ exit
    SYSTEM job terminated at 4-APR-2007 18:02:18.42
    Accounting information:
    Buffered I/O count: 25082 Peak working set size:
    4304
    Direct I/O count: 2225059 Peak virtual size:
    176144
    Page faults: 306 Mounted volumes:
    0
    Charged CPU time: 0 00:10:47.17 Elapsed time: 0
    03:30:53.53


    1 GB File with ENCRYPSHR Fix
    ----------------------------
    $ encrypt $80$DKB400:[TEST]Z. des /out=$80$DKB400:[TEST]z.enc
    $ exit
    SYSTEM job terminated at 9-APR-2007 11:30:53.06
    Accounting information:
    Buffered I/O count: 83 Peak working set size:
    5600
    Direct I/O count: 47432 Peak virtual size:
    177776
    Page faults: 387 Mounted volumes:
    0
    Charged CPU time: 0 00:05:30.26 Elapsed time: 0
    00:05:42.28


    I would say that's an improvement.

    Encryption for OpenVMS is backward compatible with DES encryption, so
    conversion from single DES (56 bit keys) to the stronger AES encryption is
    simple. Encryption (DES or AES) works with BACKUP, $ BACKUP/ENCRYPT, to
    encrypt save-sets of files or image save-sets. Encryption for OpenVMS also
    has file integrity checking with its MAC message authentication code
    qualifier and database. Encryption works with ODS-2 and ODS-5 volumes on
    Alpha and Integrity systems and has a set of API's to support those
    applications.

    We have not updated VAX Encryption. So that separately licensed product
    supports encryption with only DES encryption, also MAC and BACKUP/ENCRYPT
    (DES) support.


    Regards,

    Paul Mosteika, CISSP
    OpenVMS Engineering - Security






  2. Re: OpenVMS Encryption

    On Apr 22, 10:33 am, "Paul" wrote:
    > Hi,
    >
    > There have been some recent postings regarding Encryption for OpenVMS. I
    > provide the following to set the facts straight.
    >


    And just so everyone knows, TAPESYS is fully compatible with this,
    including the AES encryption.

+ Reply to Thread